From fdf9ae7c18146ce58531bc6bbbb1eff5461691d2 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 10 Oct 2013 12:01:10 +0200 Subject: [feature/passwords] Increase test coverage to 100% of methods Obsolete code that is impossible to hit has been removed and the logic of the salted md5 driver has been changed to correctly implement the phpBB 3.0 phpbb_hash() function. PHPBB3-11610 --- phpBB/phpbb/passwords/driver/salted_md5.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'phpBB/phpbb/passwords/driver') diff --git a/phpBB/phpbb/passwords/driver/salted_md5.php b/phpBB/phpbb/passwords/driver/salted_md5.php index 23ae25c0c9..c44da540a6 100644 --- a/phpBB/phpbb/passwords/driver/salted_md5.php +++ b/phpBB/phpbb/passwords/driver/salted_md5.php @@ -41,7 +41,13 @@ class salted_md5 extends \phpbb\passwords\driver\base { if (($settings = $this->get_hash_settings($setting)) === false) { - return false; + // Return md5 of password if settings do not + // comply with our standards. This will only + // happen if pre-determined settings are + // directly passed to the driver. The manager + // will not do this. Same as the old hashing + // implementatio in phpBB 3.0 + return md5($password); } } else @@ -59,13 +65,7 @@ class salted_md5 extends \phpbb\passwords\driver\base $output = $settings['full']; $output .= $this->helper->hash_encode64($hash, 16); - if (strlen($output) == 34) - { - return $output; - } - - // Should we really just return the md5 of the password? O.o - return md5($password); + return $output; } /** -- cgit v1.2.1